CVE-2005-4427

Cerberus Helpdesk - SQL Injection via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-4427. PoCs published by A. Ramos.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in Cerberus Helpdesk, with an example URL demonstrating SQL injection via the 'ticket' parameter. No actual exploit code is present.

Description

Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by A. Ramos · textwebappsphp
https://www.exploit-db.com/exploits/26975

The provided text describes SQL injection and XSS vulnerabilities in Cerberus Helpdesk, with an example URL demonstrating SQL injection via the 'ticket' parameter. No actual exploit code is present.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Cerberus Helpdesk
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by A. Ramos · textwebappsphp
https://www.exploit-db.com/exploits/26973

The provided text describes SQL injection and XSS vulnerabilities in Cerberus Helpdesk but does not include functional exploit code. It references a URL with a vulnerable parameter (`kbid`) but lacks a proof-of-concept payload.

Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target: Cerberus Helpdesk (version unspecified)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by A. Ramos · textwebappsphp
https://www.exploit-db.com/exploits/26974

This exploit demonstrates SQL injection and XSS vulnerabilities in Cerberus Helpdesk by manipulating the 'queues[]' parameter in a POST request to /cerberus-gui/addresses_export.php. The lack of input validation allows arbitrary SQL queries or script injection.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Cerberus Helpdesk (version not specified)
Auth required
Prerequisites: Valid session ID (sid) · Access to the target endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21991
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21993
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=113500878630130&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21992
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16062
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21995
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21990
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18112
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21988
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21994
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23836
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/420271/100/0/threaded

Scores

EPSS 0.0322
EPSS Percentile 86.6%

Details

Status published
Products (1)
cerberus/cerberus_helpdesk 2.649
Published Dec 20, 2005
Tracked Since Feb 18, 2026